effective_roles 0.1

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2013 Code and Effect Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,129 @@
+# Effective Roles
+
+Implements multi-role authorization based on an integer roles_mask field
+
+Includes a mixin for adding authentication for any model.
+
+SQL Finders for returning a Relation with all permitted records.
+
+Handy formtastic helper for assigning roles.
+
+Intended for use with the other effective_* gems
+
+Designed to work on its own, or with simple pass through to CanCan
+
+Rails >= 3.2.x, Ruby >= 1.9.x.  Has not been tested/developed for Rails4.
+
+
+## Getting Started
+
+Add to Gemfile:
+
+```ruby
+gem 'effective_roles'
+```
+
+Run the bundle command to install it:
+
+```console
+bundle install
+```
+
+Install the configuration file:
+
+```console
+rails generate effective_roles:install
+```
+
+The generator will install an initializer which describes all configuration options.
+
+## Usage
+
+Add the mixin to an existing model:
+
+```ruby
+class Post
+  acts_as_role_restricted
+end
+```
+
+Then create a migration to add the :roles_Mask column to the model.
+
+```console
+rails generate migration add_roles_to_post roles_mask:integer
+```
+
+which will create a migration something like
+
+```ruby
+class AddRolesToPost < ActiveRecord::Migration
+  def change
+    add_column :posts, :roles_mask, :integer
+  end
+end
+```
+
+## Behavior
+
+### Defining Roles
+
+All roles are defined in the config/effective_roles.rb initializer.
+
+### Model
+
+Assign roles:
+
+```ruby
+post.roles = [:admin, :superamdin]
+post.save
+```
+
+See if an object has been assigned a specific role:
+
+```ruby
+post.is_role_restricted?
+=> true
+
+post.is?(:admin)
+=> true
+
+post.roles
+=> [:admin, :superadmin]
+```
+
+### Finder Methods
+
+Find all objects that have been assigned a specific role (or roles).  Will not return posts that have no assigned roles (roles_mask = 0)
+
+```ruby
+Post.with_role(:admin, :superadmin)   # Can pass as an array if you want
+```
+
+Find all objects that are appropriate for a specific role.  Will return posts that have no assigned roles
+
+```ruby
+Post.for_role(:admin)
+Post.for_role(current_user.roles)
+```
+
+These are both ActiveRecord::Relations, so you can chain them with other methods like normal.
+
+## License
+
+MIT License.  Copyright Code and Effect Inc. http://www.codeandeffect.com
+
+You are not granted rights or licenses to the trademarks of Code and Effect
+
+## Credits
+
+This model implements the https://github.com/ryanb/cancan/wiki/Role-Based-Authorization multi role based authorization based on the roles_mask field
+
+### Testing
+
+The test suite for this gem is unfortunately not yet complete.
+
+Run tests by:
+
+```ruby
+rake spec
+```

data/Rakefile

@@ -0,0 +1,23 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+# Our tasks
+load 'lib/tasks/effective_roles_tasks.rake'
+
+# Testing tasks
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+desc "Run all specs in spec directory (excluding plugin specs)"
+RSpec::Core::RakeTask.new(:spec => 'app:db:test:prepare')
+
+task :default => :spec

data/app/helpers/effective_roles_helper.rb

@@ -0,0 +1,13 @@
+module EffectiveRolesHelper
+  # For use in formtastic forms
+  def effective_roles_fields(form, options = {})
+    if EffectiveRoles.role_descriptions.kind_of?(Hash)
+      role_descriptions = EffectiveRoles.role_descriptions[form.object.class.name]
+    end
+    role_descriptions ||= (EffectiveRoles.role_descriptions || [])
+
+    opts = {:f => form, :role_descriptions => role_descriptions}.merge(options)
+
+    render :partial => 'effective/roles/roles_fields', :locals => opts
+  end
+end

data/app/models/concerns/acts_as_role_restricted.rb

@@ -0,0 +1,82 @@
+# ActsAsRoleRestricted
+#
+# This model implements the
+# https://github.com/ryanb/cancan/wiki/Role-Based-Authorization
+# multi role based authorization based on the roles_mask field
+#
+# Mark your model with 'acts_as_role_restricted'
+#
+# and create the migration
+#
+# structure do
+#    roles_mask              :integer, :default => 0
+# end
+#
+
+module ActsAsRoleRestricted
+  extend ActiveSupport::Concern
+
+  module ActiveRecord
+    def acts_as_role_restricted(*options)
+      @acts_as_role_restricted_opts = options || []
+      include ::ActsAsRoleRestricted
+    end
+  end
+
+  included do
+    validates :roles_mask, :numericality => true, :allow_nil => true
+  end
+
+  module ClassMethods
+    # Call with for_role(:admin) or for_role(@user.roles) or for_role([:admin, :member]) or for_role(:admin, :member, ...)
+
+    # Returns all records which have been assigned any of the the given roles
+    def with_role(*roles)
+      where(with_role_sql(roles))
+    end
+
+    # Returns all records which have been assigned any of the given roles, as well as any record with no role assigned
+    def for_role(*roles)
+      sql = with_role_sql(roles) || ''
+      sql += ' OR ' if sql.present?
+      sql += "(#{self.table_name}.roles_mask = 0) OR (#{self.table_name}.roles_mask IS NULL)"
+      where(sql)
+    end
+
+    def with_role_sql(*roles)
+      roles = roles.flatten.compact
+      roles = (roles.map { |role| role.to_sym } & EffectiveRoles.roles)
+      roles.map { |role| "(#{self.table_name}.roles_mask & %d > 0)" % 2**EffectiveRoles.roles.index(role) }.join(' OR ')
+    end
+  end
+
+  def roles=(roles)
+    self.roles_mask = (roles.map(&:to_sym) & EffectiveRoles.roles).map { |r| 2**EffectiveRoles.roles.index(r) }.sum
+  end
+
+  def roles
+    EffectiveRoles.roles.reject { |r| ((roles_mask || 0) & 2**EffectiveRoles.roles.index(r)).zero? }
+  end
+
+  # if user.is? :admin
+  def is?(role)
+    roles.include?(role.try(:to_sym))
+  end
+
+  def roles_match_with?(obj)
+    if is_role_restricted? == false
+      true
+    elsif obj.respond_to?(:is_role_restricted?) == false
+      false
+    elsif obj.is_role_restricted? == false
+      true
+    else
+      (roles & obj.roles).any?
+    end
+  end
+
+  def is_role_restricted?
+    roles_mask > 0
+  end
+end
+

data/app/views/effective/roles/_roles_fields.html.haml

@@ -0,0 +1,17 @@
+- obj = f.object.class.name.downcase.gsub("::", '_')
+
+%fieldset.inputs
+  %legend
+    %span Role Restricted
+  %ol
+    %li{:id => "#{obj}_roles_input", :class => 'check_boxes input optional'}
+      %fieldset.choices
+        %legend.label
+          %label Roles
+        %input{:type => :hidden, :id => "#{obj}_roles_none", :name => "#{obj}[roles][]"}
+        %ol.choices-group
+          - EffectiveRoles.roles.each_with_index do |role, x|
+            %li.choice
+              %label{:for => "#{obj}_roles_#{role}"}
+                %input{:type => :checkbox, :id => "#{obj}_roles_#{role}", :name => "#{obj}[roles][]", :value => role.to_s, :checked => ("checked" if f.object.roles.include?(role))}= role
+              %p.inline-hints{:style => "margin: 2px 0 16px 0;"}= role_descriptions[x]

data/lib/effective_roles.rb

@@ -0,0 +1,12 @@
+require "effective_roles/engine"
+require "effective_roles/version"
+
+module EffectiveRoles
+  mattr_accessor :roles
+  mattr_accessor :role_descriptions
+
+  def self.setup
+    yield self
+  end
+
+end

data/lib/effective_roles/engine.rb

@@ -0,0 +1,27 @@
+module EffectiveRoles
+  class Engine < ::Rails::Engine
+    engine_name 'effective_roles'
+
+    config.autoload_paths += Dir["#{config.root}/app/models/concerns"]
+
+    # Include Helpers to base application
+    initializer 'effective_roles.action_controller' do |app|
+      ActiveSupport.on_load :action_controller do
+        helper EffectiveRolesHelper
+      end
+    end
+
+    # Include acts_as_addressable concern and allow any ActiveRecord object to call it
+    initializer 'effective_roles.active_record' do |app|
+      ActiveSupport.on_load :active_record do
+        ActiveRecord::Base.extend(ActsAsRoleRestricted::ActiveRecord)
+      end
+    end
+
+    # Set up our default configuration options.
+    initializer "effective_roles.defaults", :before => :load_config_initializers do |app|
+      eval File.read("#{config.root}/lib/generators/templates/effective_roles.rb")
+    end
+
+  end
+end

data/lib/effective_roles/version.rb

@@ -0,0 +1,3 @@
+module EffectiveRoles
+  VERSION = "0.1"
+end

data/lib/generators/effective_roles/install_generator.rb

@@ -0,0 +1,17 @@
+module EffectiveRoles
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      desc "Creates an EffectiveRoles initializer in your application."
+
+      source_root File.expand_path("../../templates", __FILE__)
+
+      def copy_initializer
+        template "effective_roles.rb", "config/initializers/effective_roles.rb"
+      end
+
+      def show_readme
+        readme "README" if behavior == :invoke
+      end
+    end
+  end
+end

data/lib/generators/templates/README

@@ -0,0 +1 @@
+Thanks for using EffectiveRoles

data/lib/generators/templates/effective_roles.rb

@@ -0,0 +1,30 @@
+EffectiveRoles.setup do |config|
+  config.roles = [:superadmin, :admin, :member] # Only add to the end of this array.  Never prepend roles.
+
+  # config.role_descriptions may be an Array or a Hash
+  # These role descriptions are just text displayed by the effective_roles_fields() helper
+
+  # Use a Hash if you want different labels depending on the resource being editted
+  #
+
+  # config.role_descriptions = {
+  #   'User' => [
+  #     "full access to everything. Can manage users and all website content.",
+  #     "full access to website content.  Cannot manage users.",
+  #     "cannot access admin area.  Can see all content in members-only sections of the website."
+  #   ],
+  #   'Effective::Page' => [
+  #     "allow superadmins to see this page",
+  #     "allow admins to see this page",
+  #     "allow members to see this page"
+  #   ]
+  # }
+
+  # Or just keep it simple, and use the same Array of labels for everything
+  #
+  config.role_descriptions = [
+    "full access to everything. Can manage users and all website content.",
+    "full access to website content.  Cannot manage users.",
+    "cannot access admin area.  Can see all content in members-only sections of the website."
+  ]
+end

data/lib/tasks/effective_roles_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :effective_roles do
+#   # Task goes here
+# end

data/spec/dummy/README.rdoc

@@ -0,0 +1,261 @@
+== Welcome to Rails
+
+Rails is a web-application framework that includes everything needed to create
+database-backed web applications according to the Model-View-Control pattern.
+
+This pattern splits the view (also called the presentation) into "dumb"
+templates that are primarily responsible for inserting pre-built data in between
+HTML tags. The model contains the "smart" domain objects (such as Account,
+Product, Person, Post) that holds all the business logic and knows how to
+persist themselves to a database. The controller handles the incoming requests
+(such as Save New Account, Update Product, Show Post) by manipulating the model
+and directing data to the view.
+
+In Rails, the model is handled by what's called an object-relational mapping
+layer entitled Active Record. This layer allows you to present the data from
+database rows as objects and embellish these data objects with business logic
+methods. You can read more about Active Record in
+link:files/vendor/rails/activerecord/README.html.
+
+The controller and view are handled by the Action Pack, which handles both
+layers by its two parts: Action View and Action Controller. These two layers
+are bundled in a single package due to their heavy interdependence. This is
+unlike the relationship between the Active Record and Action Pack that is much
+more separate. Each of these packages can be used independently outside of
+Rails. You can read more about Action Pack in
+link:files/vendor/rails/actionpack/README.html.
+
+
+== Getting Started
+
+1. At the command prompt, create a new Rails application:
+       <tt>rails new myapp</tt> (where <tt>myapp</tt> is the application name)
+
+2. Change directory to <tt>myapp</tt> and start the web server:
+       <tt>cd myapp; rails server</tt> (run with --help for options)
+
+3. Go to http://localhost:3000/ and you'll see:
+       "Welcome aboard: You're riding Ruby on Rails!"
+
+4. Follow the guidelines to start developing your application. You can find
+the following resources handy:
+
+* The Getting Started Guide: http://guides.rubyonrails.org/getting_started.html
+* Ruby on Rails Tutorial Book: http://www.railstutorial.org/
+
+
+== Debugging Rails
+
+Sometimes your application goes wrong. Fortunately there are a lot of tools that
+will help you debug it and get it back on the rails.
+
+First area to check is the application log files. Have "tail -f" commands
+running on the server.log and development.log. Rails will automatically display
+debugging and runtime information to these files. Debugging info will also be
+shown in the browser on requests from 127.0.0.1.
+
+You can also log your own messages directly into the log file from your code
+using the Ruby logger class from inside your controllers. Example:
+
+  class WeblogController < ActionController::Base
+    def destroy
+      @weblog = Weblog.find(params[:id])
+      @weblog.destroy
+      logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!")
+    end
+  end
+
+The result will be a message in your log file along the lines of:
+
+  Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1!
+
+More information on how to use the logger is at http://www.ruby-doc.org/core/
+
+Also, Ruby documentation can be found at http://www.ruby-lang.org/. There are
+several books available online as well:
+
+* Programming Ruby: http://www.ruby-doc.org/docs/ProgrammingRuby/ (Pickaxe)
+* Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide)
+
+These two books will bring you up to speed on the Ruby language and also on
+programming in general.
+
+
+== Debugger
+
+Debugger support is available through the debugger command when you start your
+Mongrel or WEBrick server with --debugger. This means that you can break out of
+execution at any point in the code, investigate and change the model, and then,
+resume execution! You need to install ruby-debug to run the server in debugging
+mode. With gems, use <tt>sudo gem install ruby-debug</tt>. Example:
+
+  class WeblogController < ActionController::Base
+    def index
+      @posts = Post.all
+      debugger
+    end
+  end
+
+So the controller will accept the action, run the first line, then present you
+with a IRB prompt in the server window. Here you can do things like:
+
+  >> @posts.inspect
+  => "[#<Post:0x14a6be8
+          @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>,
+       #<Post:0x14a6620
+          @attributes={"title"=>"Rails", "body"=>"Only ten..", "id"=>"2"}>]"
+  >> @posts.first.title = "hello from a debugger"
+  => "hello from a debugger"
+
+...and even better, you can examine how your runtime objects actually work:
+
+  >> f = @posts.first
+  => #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
+  >> f.
+  Display all 152 possibilities? (y or n)
+
+Finally, when you're ready to resume execution, you can enter "cont".
+
+
+== Console
+
+The console is a Ruby shell, which allows you to interact with your
+application's domain model. Here you'll have all parts of the application
+configured, just like it is when the application is running. You can inspect
+domain models, change values, and save to the database. Starting the script
+without arguments will launch it in the development environment.
+
+To start the console, run <tt>rails console</tt> from the application
+directory.
+
+Options:
+
+* Passing the <tt>-s, --sandbox</tt> argument will rollback any modifications
+  made to the database.
+* Passing an environment name as an argument will load the corresponding
+  environment. Example: <tt>rails console production</tt>.
+
+To reload your controllers and models after launching the console run
+<tt>reload!</tt>
+
+More information about irb can be found at:
+link:http://www.rubycentral.org/pickaxe/irb.html
+
+
+== dbconsole
+
+You can go to the command line of your database directly through <tt>rails
+dbconsole</tt>. You would be connected to the database with the credentials
+defined in database.yml. Starting the script without arguments will connect you
+to the development database. Passing an argument will connect you to a different
+database, like <tt>rails dbconsole production</tt>. Currently works for MySQL,
+PostgreSQL and SQLite 3.
+
+== Description of Contents
+
+The default directory structure of a generated Ruby on Rails application:
+
+  |-- app
+  |   |-- assets
+  |   |   |-- images
+  |   |   |-- javascripts
+  |   |   `-- stylesheets
+  |   |-- controllers
+  |   |-- helpers
+  |   |-- mailers
+  |   |-- models
+  |   `-- views
+  |       `-- layouts
+  |-- config
+  |   |-- environments
+  |   |-- initializers
+  |   `-- locales
+  |-- db
+  |-- doc
+  |-- lib
+  |   |-- assets
+  |   `-- tasks
+  |-- log
+  |-- public
+  |-- script
+  |-- test
+  |   |-- fixtures
+  |   |-- functional
+  |   |-- integration
+  |   |-- performance
+  |   `-- unit
+  |-- tmp
+  |   `-- cache
+  |       `-- assets
+  `-- vendor
+      |-- assets
+      |   |-- javascripts
+      |   `-- stylesheets
+      `-- plugins
+
+app
+  Holds all the code that's specific to this particular application.
+
+app/assets
+  Contains subdirectories for images, stylesheets, and JavaScript files.
+
+app/controllers
+  Holds controllers that should be named like weblogs_controller.rb for
+  automated URL mapping. All controllers should descend from
+  ApplicationController which itself descends from ActionController::Base.
+
+app/models
+  Holds models that should be named like post.rb. Models descend from
+  ActiveRecord::Base by default.
+
+app/views
+  Holds the template files for the view that should be named like
+  weblogs/index.html.erb for the WeblogsController#index action. All views use
+  eRuby syntax by default.
+
+app/views/layouts
+  Holds the template files for layouts to be used with views. This models the
+  common header/footer method of wrapping views. In your views, define a layout
+  using the <tt>layout :default</tt> and create a file named default.html.erb.
+  Inside default.html.erb, call <% yield %> to render the view using this
+  layout.
+
+app/helpers
+  Holds view helpers that should be named like weblogs_helper.rb. These are
+  generated for you automatically when using generators for controllers.
+  Helpers can be used to wrap functionality for your views into methods.
+
+config
+  Configuration files for the Rails environment, the routing map, the database,
+  and other dependencies.
+
+db
+  Contains the database schema in schema.rb. db/migrate contains all the
+  sequence of Migrations for your schema.
+
+doc
+  This directory is where your application documentation will be stored when
+  generated using <tt>rake doc:app</tt>
+
+lib
+  Application specific libraries. Basically, any kind of custom code that
+  doesn't belong under controllers, models, or helpers. This directory is in
+  the load path.
+
+public
+  The directory available for the web server. Also contains the dispatchers and the
+  default HTML files. This should be set as the DOCUMENT_ROOT of your web
+  server.
+
+script
+  Helper scripts for automation and generation.
+
+test
+  Unit and functional tests along with fixtures. When using the rails generate
+  command, template test files will be generated for you and placed in this
+  directory.
+
+vendor
+  External libraries that the application depends on. Also includes the plugins
+  subdirectory. If the app has frozen rails, those gems also go here, under
+  vendor/rails/. This directory is in the load path.